Title: [286971] trunk/Source
Revision
286971
Author
cdu...@apple.com
Date
2021-12-13 12:29:59 -0800 (Mon, 13 Dec 2021)

Log Message

Regression(r283565) Unable to report private messages as Spam in Twitter app
https://bugs.webkit.org/show_bug.cgi?id=234253
<rdar://86043227>

Reviewed by Alex Christensen.

Source/WebCore:

Add macro for new linkedOnOrAfter check for sending the Authorization header
on same origin redirects.

* platform/cocoa/VersionChecks.h:

Source/WebKit:

In r283565, we aligned WebKit's behavior with the Fetch specification and with
Gecko / Blink by keeping the Authorization header on same origin redirects.

However, when reporting a private message in the twitter app, it does a
same-origin redirect from `https://twitter.com/account/authenticate_web_view?...`
to `https://twitter.com/account/authenticate_web_view?...` and the HTTP server
responds with a 401/Unauthorized when we send the Authorization header on the post-redirect
request. As far as I can tell, our behavior is correct here and I suspect this is an
issue with the twitter server. As a result, I am simply gating the new behavior
behind a linked-on-or-after check to give twitter a chance to address the issue on
their end.

* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):

Source/WTF:

Add some new iOS / macOS versions.

* wtf/spi/darwin/dyldSPI.h:

Modified Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (286970 => 286971)


--- trunk/Source/WTF/ChangeLog	2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WTF/ChangeLog	2021-12-13 20:29:59 UTC (rev 286971)
@@ -1,3 +1,15 @@
+2021-12-13  Chris Dumez  <cdu...@apple.com>
+
+        Regression(r283565) Unable to report private messages as Spam in Twitter app
+        https://bugs.webkit.org/show_bug.cgi?id=234253
+        <rdar://86043227>
+
+        Reviewed by Alex Christensen.
+
+        Add some new iOS / macOS versions.
+
+        * wtf/spi/darwin/dyldSPI.h:
+
 2021-12-13  Elliott Williams  <e...@apple.com>
 
         Deployment target for macOS 11+ does not follow minor version bumps

Modified: trunk/Source/WTF/wtf/spi/darwin/dyldSPI.h (286970 => 286971)


--- trunk/Source/WTF/wtf/spi/darwin/dyldSPI.h	2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WTF/wtf/spi/darwin/dyldSPI.h	2021-12-13 20:29:59 UTC (rev 286971)
@@ -133,6 +133,7 @@
 #define DYLD_IOS_VERSION_14_2 0x000E0200
 #define DYLD_IOS_VERSION_14_5 0x000E0500
 #define DYLD_IOS_VERSION_15_0 0x000f0000
+#define DYLD_IOS_VERSION_15_4 0x000f0400
 #define DYLD_IOS_VERSION_16_0 0x00100000
 
 #define DYLD_MACOSX_VERSION_10_11 0x000A0B00
@@ -145,6 +146,7 @@
 #define DYLD_MACOSX_VERSION_10_16 0x000A1000
 #define DYLD_MACOSX_VERSION_11_3 0x000B0300
 #define DYLD_MACOSX_VERSION_12_00 0x000c0000
+#define DYLD_MACOSX_VERSION_12_3 0x000c0300
 #define DYLD_MACOSX_VERSION_13_0 0x000d0000
 
 #endif

Modified: trunk/Source/WebCore/ChangeLog (286970 => 286971)


--- trunk/Source/WebCore/ChangeLog	2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WebCore/ChangeLog	2021-12-13 20:29:59 UTC (rev 286971)
@@ -1,3 +1,16 @@
+2021-12-13  Chris Dumez  <cdu...@apple.com>
+
+        Regression(r283565) Unable to report private messages as Spam in Twitter app
+        https://bugs.webkit.org/show_bug.cgi?id=234253
+        <rdar://86043227>
+
+        Reviewed by Alex Christensen.
+
+        Add macro for new linkedOnOrAfter check for sending the Authorization header
+        on same origin redirects.
+
+        * platform/cocoa/VersionChecks.h:
+
 2021-12-13  Youenn Fablet  <you...@apple.com>
 
         FetchResponse::clone should use the relevant realm for the cloned response

Modified: trunk/Source/WebCore/platform/cocoa/VersionChecks.h (286970 => 286971)


--- trunk/Source/WebCore/platform/cocoa/VersionChecks.h	2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WebCore/platform/cocoa/VersionChecks.h	2021-12-13 20:29:59 UTC (rev 286971)
@@ -72,6 +72,7 @@
     FirstWithDOMWindowReuseRestriction  = DYLD_IOS_VERSION_15_0,
     FirstWithApplicationCacheDisabledByDefault = DYLD_IOS_VERSION_15_0,
     FirstWithoutExpandoIndexedPropertiesOnWindow = DYLD_IOS_VERSION_15_0,
+    FirstWithAuthorizationHeaderOnSameOriginRedirects = DYLD_IOS_VERSION_15_4,
     FirstForbiddingDotPrefixedFonts = DYLD_IOS_VERSION_16_0,
 #elif PLATFORM(MAC)
     FirstThatConvertsInvalidURLsToBlank = DYLD_MACOSX_VERSION_10_12,
@@ -99,6 +100,7 @@
     FirstThatAllowsWheelEventGesturesToBecomeNonBlocking = DYLD_MACOSX_VERSION_11_3,
     FirstWithApplicationCacheDisabledByDefault = DYLD_MACOSX_VERSION_12_00,
     FirstWithoutExpandoIndexedPropertiesOnWindow = DYLD_MACOSX_VERSION_12_00,
+    FirstWithAuthorizationHeaderOnSameOriginRedirects = DYLD_MACOSX_VERSION_12_3,
     FirstForbiddingDotPrefixedFonts = DYLD_MACOSX_VERSION_13_0,
 #endif
 };

Modified: trunk/Source/WebKit/ChangeLog (286970 => 286971)


--- trunk/Source/WebKit/ChangeLog	2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WebKit/ChangeLog	2021-12-13 20:29:59 UTC (rev 286971)
@@ -1,3 +1,26 @@
+2021-12-13  Chris Dumez  <cdu...@apple.com>
+
+        Regression(r283565) Unable to report private messages as Spam in Twitter app
+        https://bugs.webkit.org/show_bug.cgi?id=234253
+        <rdar://86043227>
+
+        Reviewed by Alex Christensen.
+
+        In r283565, we aligned WebKit's behavior with the Fetch specification and with
+        Gecko / Blink by keeping the Authorization header on same origin redirects.
+
+        However, when reporting a private message in the twitter app, it does a
+        same-origin redirect from `https://twitter.com/account/authenticate_web_view?...`
+        to `https://twitter.com/account/authenticate_web_view?...` and the HTTP server
+        reponds with a 401/Unauthorized when we send the Authorization on the post-redirect
+        request. As far as I can tell, our behavior is correct here and I suspect this is an
+        issue with the twitter server. As a result, I am simply gating the new behavior
+        behind a linked-on-or-after check to give twitter a chance to address the issue on
+        their end.
+
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+        (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
+
 2021-12-13  Youenn Fablet  <you...@apple.com>
 
         REGRESSION (r286841): [ iOS ] Many webrtc tests flaky failing on iOS

Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (286970 => 286971)


--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm	2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm	2021-12-13 20:29:59 UTC (rev 286971)
@@ -41,6 +41,7 @@
 #import <WebCore/RegistrableDomain.h>
 #import <WebCore/ResourceRequest.h>
 #import <WebCore/TimingAllowOrigin.h>
+#import <WebCore/VersionChecks.h>
 #import <pal/spi/cf/CFNetworkSPI.h>
 #import <wtf/BlockPtr.h>
 #import <wtf/FileSystem.h>
@@ -495,7 +496,7 @@
         request.clearHTTPOrigin();
 
     } else {
-        if (auto authorization = m_firstRequest.httpHeaderField(WebCore::HTTPHeaderName::Authorization); !authorization.isNull())
+        if (auto authorization = m_firstRequest.httpHeaderField(WebCore::HTTPHeaderName::Authorization); !authorization.isNull() && linkedOnOrAfter(WebCore::SDKVersion::FirstWithAuthorizationHeaderOnSameOriginRedirects))
             request.setHTTPHeaderField(WebCore::HTTPHeaderName::Authorization, authorization);
 
 #if USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
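Review bot: The `linkedOnOrAfter(...)` term added to the `if` in the `else` branch (presumably the same-origin path) has no comment explaining why the Authorization header is withheld for binaries linked against an older SDK; the reason is recorded only in the ChangeLog. I would add above the `if`: `// FIXME: Binaries linked before this SDK keep the pre-r283565 behavior of dropping Authorization on same-origin redirects; remove once webkit.org/b/234253 is resolved server-side.` The gate is keyed on SDK version rather than on the affected app or host, so every older-linked client loses the header on same-origin redirects. That fails towards not sending the credential, but it should be stated in the comment so the scope of the quirk is visible at the call site. No test for either side of the gate appears in the file sections shown here, so a regression that re-enables or permanently drops the header would go unnoticed. The body of `willPerformHTTPRedirection` starts and ends outside this hunk.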